The site is still under construction, please be indulgent.
Welcome
Welcome to another blog of just another guy interested in vulnerability research and reverse engineering. Because I learned a lot from random posts on internet, and I’m interested by ever learning/challenging myself, I decided to create this blog to share back to the community and write down my adventures. Let's hope some people will find it interesting!
Within the Blogposts section, you'll find posts containing detailed analyses. Within the Advisories section, you'll find quick details about some of the vulnerabilities I have reported. I indeed believe that documenting and publishing details about vulnerabilities help a lot defenders.
If you have any remark/question/correction to give out, feel free to reach out to me via Twitter or LinkedIn
Blogposts
- 1
- 1 / 1
Advisories
The following vulnerabilities were found through original research, mostly through variant analysis while analyzing/reversing exploitation campaigns.Date | CVE | Title | |
---|---|---|---|
2024-08-23 | partial 0day | BrikerBox and Briker IPPBX SQL injection | details |
2024-08-02 | CVE-2023-29300 | Adobe ColdFusion RCE | details |
2024-08-02 | CVE-2023-36932 | Progress MoveIt authenticated SQLi | details |
2024-06-30 | CVE-2023-5350 | SuiteCRM < v7.14.0 authenticated SQL injection | details |
External publications
Projects
- pcode2code: a VBA pcode decompiler based on pcodedmp tool useful when dealing with VBA stomped malicious office documents
- SourceFu: an experiment at creating a deobfuscation tool based on partial grammar interpretation and ANTLR. It was quite a fail though when presented to public.